<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
With git push and pull dependent on PASSWORD_STORE_GIT_PUSH and
_PULL being set, defaults to not automatic. And the fix for git
clone is still there. Plus doc changes.<br>
<br>
<tt>diff --git a/man/pass.1 b/man/pass.1<br>
index 01a3fbe..4376bfc 100644<br>
--- a/man/pass.1<br>
+++ b/man/pass.1<br>
@@ -48,8 +48,8 @@ description using \fBinit\fP and<br>
.BR git (1).<br>
<br>
The \fBinit\fP command must be run before other commands in order
to initialize<br>
-the password store with the correct gpg key id. Passwords are
encrypted using<br>
-the gpg key set with \fBinit\fP.<br>
+the password store with the correct gpg key id unless you plan to
clone a git<br>
+repository. Passwords are encrypted using the gpg key set with
\fBinit\fP.<br>
<br>
There is a corresponding bash completion script for use with tab
completing<br>
password names in<br>
@@ -71,8 +71,9 @@ is recommended so that the batch decryption does
not require as much user<br>
intervention. If \fI--path\fP or \fI-p\fP is specified, along
with an argument,<br>
a specific gpg-id or set of gpg-ids is assigned for that specific
sub folder of<br>
the password store. If only one \fIgpg-id\fP is given, and it is
an empty string,<br>
-then the current \fI.gpg-id\fP file for the specified
\fIsub-folder\fP (or root if<br>
-unspecified) is removed.<br>
+then the current \fI.gpg-id\fP file for the specified
\fIsub-folder\fP (or root<br>
+if unspecified) is removed. Do not use this option if you plan to
clone from a<br>
+remote git repository.<br>
.TP<br>
\fBls\fP \fIsubfolder\fP<br>
List names of passwords inside the tree at<br>
@@ -168,7 +169,11 @@ in addition to initializing the git
repository, add the current contents of the<br>
store to the repository in an initial commit. If the git config
key \fIpass.signcommits\fP<br>
is set to \fItrue\fP, then all commits will be signed using
\fIuser.signingkey\fP or the<br>
default git signing key. This config key may be turned on using:<br>
-.B `pass git config --bool --add pass.signcommits true`<br>
+\fB `pass git config --bool --add pass.signcommits true`\fP. If
the first of<br>
+\fIgit-command-args\fP is \fBclone\fP, clone the provided git
URL. The<br>
+environment variables \fIPASSWORD_STORE_GIT_PUSH\fP and<br>
+\fIPASSWORD_STORE_GIT_PULL\fP can be set to "true" to specify
that a git pull is<br>
+done before commits and a git push is done after commits.<br>
.TP<br>
\fBhelp\fP<br>
Show usage message.<br>
@@ -387,6 +392,20 @@ Total 7 (delta 0), reused 0 (delta 0)<br>
.br<br>
To kexec.com:pass-store<br>
<br>
+.B zx2c4@desktop ~ $ pass git clone kexec.com:pass-store<br>
+.br<br>
+Cloning into '/Users/zx2c4/.password-store'...<br>
+.br<br>
+remote: Counting objects: 101, done.<br>
+.br<br>
+remote: Compressing objects: 100% (97/97), done.<br>
+.br<br>
+remote: Total 101 (delta 30), reused 0 (delta 0)<br>
+.br<br>
+Receiving objects: 100% (101/101), 21.85 KiB | 1.99 MiB/s, done.<br>
+.br<br>
+Resolving deltas: 100% (30/30), done.<br>
+<br>
.SH FILES<br>
<br>
.TP<br>
@@ -459,6 +478,14 @@ upper-case fingerprint in this variable. If
multiple fingerprints are specified,<br>
separated by a whitespace character, then signatures must match
at least one.<br>
The \fBinit\fP command will keep signatures of \fB.gpg-id\fP
files up to date.<br>
.TP<br>
+.I PASSWORD_STORE_GIT_PULL<br>
+This environment variable must be set to "true" for git pull to
automatically<br>
+run before a commit.<br>
+.TP<br>
+.I PASSWORD_STORE_GIT_PUSH<br>
+This environment variable must be set to "true" for git push to
automatically<br>
+run after a commit.<br>
+.TP<br>
.I EDITOR<br>
The location of the text editor used by \fBedit\fP.<br>
.SH SEE ALSO<br>
diff --git a/src/password-store.sh b/src/password-store.sh<br>
index d89d455..efbdf5e 100755<br>
--- a/src/password-store.sh<br>
+++ b/src/password-store.sh<br>
@@ -19,6 +19,8 @@ CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"<br>
GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}"<br>
CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:graph:]}"<br>
CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}"<br>
+GIT_PUSH=0; [[ "$PASSWORD_STORE_GIT_PUSH" =~ ^[YyTt1] ]]
&& GIT_PUSH=1<br>
+GIT_PULL=0; [[ "$PASSWORD_STORE_GIT_PULL" =~ ^[YyTt1] ]]
&& GIT_PULL=1<br>
<br>
export GIT_CEILING_DIRECTORIES="$PREFIX/.."<br>
<br>
@@ -43,7 +45,10 @@ git_commit() {<br>
local sign=""<br>
[[ -n $INNER_GIT_DIR ]] || return<br>
[[ $(git -C "$INNER_GIT_DIR" config --bool --get
pass.signcommits) == "true" ]] && sign="-S"<br>
+ local remote=$(git -C "$INNER_GIT_DIR" remote -v)<br>
+ [[ "$remote" ]] && (( "$GIT_PULL" )) && git
-C "$INNER_GIT_DIR" pull<br>
git -C "$INNER_GIT_DIR" commit $sign -m "$1"<br>
+ [[ "$remote" ]] && (( "$GIT_PUSH" )) && git
-C "$INNER_GIT_DIR" push<br>
}<br>
yesno() {<br>
[[ -t 0 ]] || return 0<br>
@@ -641,6 +646,8 @@ cmd_git() {<br>
git_add_file .gitattributes "Configure git repository for
gpg file diff."<br>
git -C "$INNER_GIT_DIR" config --local diff.gpg.binary
true<br>
git -C "$INNER_GIT_DIR" config --local diff.gpg.textconv
"$GPG -d ${GPG_OPTS[*]}"<br>
+ elif [[ $1 == "clone" ]]; then<br>
+ git "$@" "$PREFIX"<br>
elif [[ -n $INNER_GIT_DIR ]]; then<br>
tmpdir nowarn #Defines $SECURE_TMPDIR. We don't warn,
because at most, this only copies encrypted files.<br>
export TMPDIR="$SECURE_TMPDIR"<br>
<br>
<br>
</tt><br>
<br>
<br>
<div class="moz-cite-prefix">On 1/6/19 7:11 AM, Saeed Rasooli wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CALB+QwVfYOLm-7PFasjie+FZv=KEVnh_JLPtfCNrLx+YRje1gg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="auto"><span
style="font-family:sans-serif;font-size:20.992px">I disagree
with auto-push too (unless enabled explicitly with an
environment variable). For example if the remote git repo is
encrypted on server-side (something like git-remote-gcrypt),
then git push becomes slow. You may even want to push to a
local storage device that is not always plugged in. Or you are
keeping your passwords in another bigger repo along with some
other things you want to synchronize. There are many more
cases that you don't want to have auto-push (or maybe even
auto-commit).</span>
<div dir="auto"
style="font-family:sans-serif;font-size:20.992px">Afterall
this is Linux, and we never want to loose the flexibility of
Linux.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Sun, Jan 6, 2019, 5:36 PM Tinu Weber <<a
href="mailto:takeya@bluewin.ch" moz-do-not-send="true">takeya@bluewin.ch</a>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">On Sat, Jan
05, 2019 at 21:24:10 -0800, Pass Word wrote:<br>
> This patch adds git pull before commit and push after if
a remote exists.<br>
<br>
The main appeal of pass for me is that it keeps things
relatively<br>
simple. And for me "simple" means: I don't expect a `git
commit` to<br>
automagically interact with a remote; these are two distinct
things that<br>
should IMHO not be mixed up.<br>
<br>
If anything, I would make this optional at least.<br>
<br>
Best,<br>
Tinu<br>
_______________________________________________<br>
Password-Store mailing list<br>
<a href="mailto:Password-Store@lists.zx2c4.com"
target="_blank" rel="noreferrer" moz-do-not-send="true">Password-Store@lists.zx2c4.com</a><br>
<a
href="https://lists.zx2c4.com/mailman/listinfo/password-store"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://lists.zx2c4.com/mailman/listinfo/password-store</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Password-Store mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Password-Store@lists.zx2c4.com">Password-Store@lists.zx2c4.com</a>
<a class="moz-txt-link-freetext" href="https://lists.zx2c4.com/mailman/listinfo/password-store">https://lists.zx2c4.com/mailman/listinfo/password-store</a>
</pre>
</blockquote>
<br>
</body>
</html>